How to patch Ubuntu

Q: How do I check which version of Ubuntu I am running?

Use: lsb_release -a —or— cat /etc/os-release (Terminal). Record the result before and after patching to confirm the update applied.

Canonical · Operating System · 5 steps · Ubuntu security status → · updated June 2026

Ubuntu security updates are delivered through apt and the Ubuntu Security Notices (USN) feed. Apply them regularly, reboot when a kernel update needs it, and use Ubuntu Pro (ESM) if you must run a release past its standard support window.

actively exploited (KEV)

2,000

tracked CVEs

26.04

latest supported

Ubuntu has 25 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent.

Check your current version first

Before you patch, record what you're running (Terminal):

lsb_release -a   —or—   cat /etc/os-release

Or paste your version into the checker for an instant verdict.

Step by step

Check your release

Run lsb_release -a to confirm which Ubuntu release (and whether LTS) you are on.

Apply security updates

Run sudo apt update && sudo apt upgrade (use full-upgrade if packages need adding/removing). To automate security patches, enable the unattended-upgrades package.

Reboot if required

If a kernel or core library updated, reboot — check for /var/run/reboot-required. On Ubuntu Pro you can use Livepatch to apply kernel fixes without an immediate reboot.

Upgrade the release when needed

To move to a newer release run sudo do-release-upgrade (LTS-to-LTS by default). Read the release notes for breaking changes first.

Cover end-of-life releases

If a release is past standard support, attach Ubuntu Pro for Expanded Security Maintenance (ESM), or upgrade to a supported release.

Watch out for:

A patched kernel only protects you after a reboot (or Livepatch) — do not skip it.
Past-EOL releases stop getting fixes unless you have Ubuntu Pro/ESM.

Official sources

Advisory: Ubuntu Security Notices (USN) ↗
Download: Ubuntu releases ↗

Don't patch blind. Ubuntu has 25 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent. See exactly which versions are safe and what you're exposed to.

Ubuntu security status →

Stay ahead of the next one

Ubuntu security status & health score — score, open CVEs and safe version.
Ubuntu vulnerabilities — the full CVE list and what's exploited.
Ubuntu end-of-life dates — don't run a release that's stopped getting fixes.
Monitor Ubuntu — get an email alert the moment a new exploited vulnerability lands.

Frequently asked questions

What is the latest version of Ubuntu?

As of June 2026, the latest supported Ubuntu release we track is 26.04. Patch to the current release on your branch and confirm the version after updating.

How do I check which version of Ubuntu I am running?

Use: lsb_release -a —or— cat /etc/os-release (Terminal). Record the result before and after patching to confirm the update applied.

Is Ubuntu being actively exploited right now?

Yes — 25 Ubuntu vulnerabilities are on the CISA Known Exploited Vulnerabilities (KEV) list, so attackers are using them in the wild. Patch promptly. See the exploitation radar.

How do I patch Ubuntu safely without breaking production?

Always test in a non-production environment first, take a backup or snapshot, follow the official vendor advisory, and have a tested rollback. Patch one node at a time for clustered or high-availability setups.

Patch steps are general, well-established guidance for Ubuntu — always test in a non-production environment first and follow the official Canonical advisory for your exact version. IsItPatched is independent and not affiliated with Canonical; this is not a substitute for vendor documentation. See our disclaimer.

← All patching guides · Security guides →